Before moving on, please consider giving us a GitHub star ⭐️. Thank you!

About Tracee

Tracee is a runtime security and observability tool that helps you understand how your system and applications behave.
It is usingeBPF technologyto tap into your system and expose that information as events that you can consume.
Events range from factual system activity events to sophisticated security events that detect suspicious behavioral patterns.

To learn more about Tracee, check out thedocumentation.

Quickstart

To quickly try Tracee use one of the following snippets. For a more complete installation guide, check out theInstallation section.
Tracee should run on most common Linux distributions and kernels. For compatibility information see thePrerequisitespage. Mac users, please readthis FAQ.

Using Docker

docker run --name tracee -it --rm \
--pid=host --cgroupns=host --privileged \
-v /etc/os-release:/etc/os-release-host:ro \
-v /var/run:/var/run:ro \
aquasec/tracee:latest

For a complete walkthrough please see theDocker getting started guide.

On Kubernetes

helm repo add aqua https://aquasecurity.github.io/helm-charts/
helm repo update
helm install tracee aqua/tracee --namespace tracee --create-namespace

kubectl logs --follow --namespace tracee daemonset/tracee

For a complete walkthrough please see theKubernetes getting started guide.

Contributing

Join the community, and talk to us about any matter in theGitHub DiscussionsorSlack.
If you run into any trouble using Tracee or you would like to give use user feedback, pleasecreate an issue.

Find more information oncontribution documentation.

More about Aqua Security

Tracee is anAqua Securityopen source project.
Learn about our open source work and portfoliohere.